RFC: ssh-copy-id tweaks
Nick Dokos
nicholas.dokos at hp.com
Sat Feb 2 06:31:34 EST 2008
Bob Proulx <bob at proulx.com> wrote:
> I am not aware of any problem with using DSA. It is just that RSA is
> the more preferred solution by many.
>
> The purpose of DSA was to avoid the RSA patent. Since the RSA patent
> is now long expired there is no longer any reason to avoid using RSA.
>
> +1 on using id_rsa.pub by default, or other more generic solution.
OK.
>
> > I just thought that having the default being the case that nobody
> > uses (perhaps I should say, that nobody should use) any more is a
> > little strange.
>
> I am not quite understanding what you are saying here. Are you saying
> that people should not use DSA? This is not the case. DSA is
> perfectly fine to use. It is just not as efficient as using RSA.
> That is what makes use of RSA the preferred choice by many.
>
ssh-copy-id is using the RSA1 identity.pub by default. My point was that
nobody should use RSA1, so this should be changed: I went for id_dsa.pub
but so far at least, the vote (by a margin of 2 to 1!-) seems to be
going for id_rsa.pub (or a more inclusive solution).
What do you think about the proposals to eliminate duplicate keys from
.ssh/authorized_keys?
Regards,
Nick
More information about the openssh-unix-dev
mailing list